Privacy Policy

Effective Date: June 9, 2026  |  Last Updated: June 9, 2026

This Privacy Policy describes how Chopt ("we," "us," or "our") collects, uses, discloses, and protects the personal information of users ("you" or "your") who visit or use our website located at chopt-meal.click (the "Website") and any related services, features, or content we offer (collectively, the "Services"). We are committed to protecting your privacy and handling your personal information in a transparent and responsible manner in full compliance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our Website and Services immediately.

1. About Us and How to Contact Us

Chopt is a food-focused business operating within the United States. We are dedicated to providing high-quality food-related content, services, and experiences through our digital platform. We take the privacy and security of your personal information seriously and have implemented robust measures to protect it.

If you have any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact our Privacy Team using the following information:

Company Name Chopt
Website chopt-meal.click
Email Address [email protected]

We aim to respond to all privacy-related inquiries within 30 business days of receipt. For urgent matters concerning potential data breaches or security incidents, we prioritize response times and will endeavor to respond as quickly as practicable.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect through:

  • Our Website at chopt-meal.click and any subdomains thereof
  • Email, telephone, text message, and other electronic communications between you and Chopt
  • Online or mobile applications, if and when made available by Chopt
  • Any other interactions you may have with our business, whether online or offline

This Privacy Policy does not apply to third-party websites, platforms, or services that may be linked to or from our Website. We are not responsible for the privacy practices of such third parties, and we encourage you to review their privacy policies independently.

3. Information We Collect

We collect several categories of personal information from and about users of our Services. The type of information collected depends on how you interact with our Website and Services.

3.1 Personal Information You Provide Directly

When you voluntarily interact with our Website or Services, you may provide us with the following categories of personal information:

  • Identity and Contact Information: Your full name, email address, mailing address, phone number, and similar contact details when you create an account, subscribe to our newsletter, place an order, or contact us for support.
  • Account Credentials: Username and password if you register for an account on our Website.
  • Payment Information: Billing name, billing address, credit or debit card details, or other financial information required to process transactions. Note: We do not store complete payment card numbers; payment processing is handled by trusted third-party payment processors.
  • Order and Transaction Information: Details about food orders, preferences, dietary restrictions, special instructions, and order history.
  • Communications: Content of messages, emails, or inquiries you send to us, including customer support requests, feedback, and reviews.
  • Preferences and Profile Information: Food preferences, dietary restrictions, favorite items, and other personalization information you voluntarily share.
  • Survey and Promotional Participation Data: Responses to surveys, contests, sweepstakes, or promotional programs in which you choose to participate.

3.2 Information Collected Automatically

When you visit our Website, we and our third-party service providers may automatically collect certain information about your device and browsing activity. This includes:

  • Device Information: Device type (desktop, mobile, tablet), operating system and version, browser type and version, device identifiers, mobile network information, and hardware configuration.
  • Usage Data: Pages visited, links clicked, time spent on pages, referring URL, exit pages, search queries entered on the Website, and other actions taken on our Website.
  • Log Data: Internet Protocol (IP) address, access times, error logs, and other system activity information.
  • Location Information: General geographic location derived from your IP address. We do not collect precise GPS location unless you explicitly grant permission through your device settings.
  • Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please refer to Section 8 of this Privacy Policy for more detailed information about our use of cookies.

3.3 Information from Third Parties

We may receive information about you from third-party sources, which we may combine with information we collect directly. These sources include:

  • Social Media Platforms: If you connect your social media account (such as Facebook, Instagram, or Google) to our Website or interact with our social media pages, we may receive certain profile information permitted by the platform and your privacy settings.
  • Analytics Providers: Third-party analytics services may provide us with aggregated insights about how users interact with our Website.
  • Advertising Partners: Partners who help us serve targeted advertisements may share audience data with us.
  • Food Delivery Aggregators and Partner Platforms: If you access our Services through third-party food ordering or delivery platforms, those platforms may share relevant transaction information with us.
  • Publicly Available Sources: Information available from public records, public databases, or publicly accessible social media profiles.

4. How We Use Your Information

We use the personal information we collect for a variety of purposes, all of which are grounded in our legitimate business interests, our contractual obligations to you, your consent, or compliance with applicable law. Specifically, we use your information to:

4.1 Provide and Improve Our Services

  • Process and fulfill your food orders, including communicating order confirmations, updates, and delivery notifications
  • Create and manage your account on our Website
  • Respond to your customer service inquiries and resolve disputes
  • Personalize your experience on our Website based on your preferences and past interactions
  • Improve, maintain, and optimize the functionality and performance of our Website and Services
  • Develop new features, products, and services that may interest you

4.2 Analytics and Research

  • Conduct internal analytics to understand how users interact with our Website
  • Monitor and analyze trends, usage patterns, and activities in connection with our Services
  • Conduct market research and customer satisfaction surveys
  • Evaluate the effectiveness of our marketing campaigns and promotional activities
  • Perform statistical analysis to improve our food offerings and user experience

4.3 Marketing and Communications

  • Send you promotional materials, special offers, newsletters, and updates about Chopt products and services, where you have provided consent or where permitted by applicable law
  • Deliver targeted advertisements through our Website and third-party platforms based on your interests and browsing behavior
  • Notify you about changes to our Services, policies, or terms
  • Invite you to participate in loyalty programs, contests, or promotional events

4.4 Legal Compliance and Safety

  • Comply with applicable federal, state, and local laws and regulations, including tax obligations and food safety requirements
  • Enforce our Terms of Service and other applicable policies
  • Detect, prevent, investigate, and respond to fraud, unauthorized access, security incidents, and other potentially harmful or illegal activities
  • Protect the rights, property, and safety of Chopt, our users, and the public
  • Respond to legal processes, court orders, or lawful requests from governmental or regulatory authorities

5. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information for monetary compensation to third parties for their own marketing purposes. However, we may share your personal information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to assist us in operating our Website, processing transactions, and providing our Services. These service providers may have access to your personal information solely to perform their designated functions and are contractually obligated not to use or disclose it for any other purpose. Categories of service providers include:

  • Payment processors and financial institutions
  • Cloud hosting and data storage providers
  • Email and communication service providers
  • Analytics and data analysis providers (e.g., Google Analytics)
  • Marketing and advertising technology platforms
  • Food delivery logistics partners
  • Customer relationship management (CRM) software providers
  • Cybersecurity and fraud prevention services

5.2 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid legal processes, including:

  • Compliance with a subpoena, court order, or other legal obligation
  • Cooperation with law enforcement agencies, regulatory authorities, or government bodies
  • Protection of the legal rights of Chopt, our employees, agents, or users
  • Prevention of imminent harm or emergency situations involving threats to public safety

5.3 Business Transfers

In the event that Chopt undergoes a merger, acquisition, reorganization, asset sale, bankruptcy, or other similar corporate transaction, your personal information may be transferred to the successor entity or acquiring party as part of the transaction. We will notify you via a prominent notice on our Website or by email if such a transfer occurs and will indicate any changes to this Privacy Policy that may result.

5.4 Consent-Based Sharing

We may share your personal information with other third parties when you have given us your explicit consent to do so, such as when you choose to connect your account with a third-party service or participate in a co-branded promotion.

5.5 Aggregate and De-Identified Data

We may share aggregated, anonymized, or de-identified data — which cannot reasonably be used to identify you — with third parties for industry research, analysis, marketing, advertising, and other business purposes without restriction.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

  • Encryption: We use industry-standard Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Sensitive stored data is encrypted using strong encryption algorithms.
  • Access Controls: Access to personal information is restricted to authorized employees, contractors, and service providers who have a legitimate business need and are bound by confidentiality obligations.
  • Secure Payment Processing: Payment card data is processed through PCI DSS-compliant payment processors. We do not store complete credit card numbers on our systems.
  • Regular Security Assessments: We conduct periodic vulnerability assessments, penetration testing, and security audits to identify and remediate potential risks.
  • Incident Response: We maintain a data breach response plan and will notify affected individuals and relevant regulatory authorities in accordance with applicable law in the event of a security breach.
  • Employee Training: Our staff members who handle personal information receive regular training on data protection best practices and security protocols.
Important: While we take every reasonable precaution to protect your personal information, no method of transmission over the Internet or electronic storage system is completely secure. We cannot guarantee absolute security, and you transmit information to us at your own risk. We encourage you to use strong, unique passwords for your account and to protect your login credentials.

7. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights Under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

If you are a resident of California, you have the following rights under the CCPA and CPRA:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for which we collected or shared it, and the categories of third parties with whom we shared it.
  • Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to Correct: You have the right to request the correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, please contact us at [email protected].
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of your sensitive personal information to certain specified purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, provide a different level of quality, or suggest that you will receive different treatment for exercising your privacy rights.

7.2 General Privacy Rights (All U.S. Residents)

Regardless of your state of residence, you may exercise the following rights with respect to your personal information:

  • Right of Access: Request a copy of the personal information we hold about you.
  • Right of Correction: Request that we correct any inaccurate or incomplete personal information we maintain about you.
  • Right of Deletion: Request that we delete your personal information, subject to applicable legal retention requirements.
  • Right to Portability: Request that we provide your personal information in a structured, commonly used, and machine-readable format so that you may transfer it to another service provider where technically feasible.
  • Right to Withdraw Consent: Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Opt-Out of Marketing: You may opt out of receiving promotional communications from us at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us directly at [email protected].

7.3 How to Submit a Privacy Rights Request

To exercise any of the rights described above, you may submit a verifiable request by:

We will acknowledge receipt of your request within 10 business days and will respond to your request within 45 days of receipt. If we require additional time (up to an additional 45 days) to process your request, we will notify you of the extension and the reason for it. We may need to verify your identity before processing certain requests to protect the security of your personal information.

8. Cookie Policy Overview

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements. This section provides a brief overview of our cookie practices. Please refer to our full Cookie Policy for more detailed information.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: These cookies are essential for the operation of our Website and enable core functionality such as security, account login, and order processing. These cannot be disabled.
  • Performance and Analytics Cookies: These cookies collect information about how visitors use our Website, such as which pages are visited most frequently and whether visitors receive error messages. This information is used to improve how our Website works. We may use tools such as Google Analytics for this purpose.
  • Functionality Cookies: These cookies allow our Website to remember your preferences (such as language, location, and saved food items) to provide a more personalized experience.
  • Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns.

8.2 Managing Cookie Preferences

Most web browsers allow you to manage cookie preferences through browser settings. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, disabling certain cookies may affect the functionality of our Website. You can also opt out of interest-based advertising by visiting the Network Advertising Initiative (NAI) opt-out page at optout.networkadvertising.org.

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The specific retention period depends on the nature of the information and the purpose for which it is used.

Category of Data Retention Period
Account and registration information Duration of account plus 3 years after account closure
Order and transaction records 7 years (for tax and accounting compliance)
Customer communications and support records 3 years from the date of last interaction
Marketing preferences and consent records 3 years from last consent update or opt-out
Website analytics and usage data 26 months from collection
Cookie and tracking data Up to 2 years, depending on cookie type
Legal and compliance-related records As required by applicable law, typically 5–7 years

When personal information is no longer required for the purposes for which it was collected, we will securely delete, anonymize, or de-identify it in accordance with our internal data retention and destruction procedures.

10. Children's Privacy

Age Restriction: Our Website and Services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18.

We do not direct our Services to children under 18 years of age, and we do not knowingly collect, use, or disclose personal information from minors. Our Website is not designed to attract children, and we do not offer products or services specifically targeted at children. If you believe that we may have inadvertently collected personal information from a child under the age of 18, please contact us immediately at [email protected], and we will take prompt steps to delete such information from our systems.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13 without verifiable parental consent. If we discover that a child under 13 has provided us with personal information without parental consent, we will immediately delete that information from our servers.

11. International Data Transfers

Chopt is operated in the United States, and the personal information we collect is processed and stored on servers located within the United States. If you are accessing our Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country that may not have the same data protection laws as your country of residence.

By using our Website and Services, you consent to the transfer of your personal information to the United States and its processing there in accordance with this Privacy Policy. We take appropriate safeguards to ensure that any international transfers of personal information comply with applicable data protection laws and maintain adequate levels of protection for your personal information.

If you are located in a jurisdiction with data transfer restrictions, please contact us at [email protected] for more information about the specific safeguards we use when transferring your data internationally.

12. Applicable Law and Consumer Protection

Our privacy practices are governed by and comply with applicable United States federal and state laws, including but not limited to:

  • Federal Trade Commission Act (FTC Act), 15 U.S.C. § 45: We comply with the FTC's requirements regarding unfair or deceptive acts or practices, including with respect to privacy and data security representations.
  • California Consumer Privacy Act (CCPA), Cal. Civ. Code § 1798.100 et seq.: We comply with the rights and obligations applicable to businesses under the CCPA as amended by the California Privacy Rights Act (CPRA).
  • CAN-SPAM Act (15 U.S.C. § 7701 et seq.): Our email marketing practices comply with the requirements of the CAN-SPAM Act, including providing clear opt-out mechanisms in all commercial emails.
  • Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.: We do not knowingly collect personal information from children under 13 years of age.
  • State Privacy Laws: We monitor and comply with evolving state-level privacy legislation across the United States, including applicable laws in states such as Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and others as they apply to our business operations.

13. Third-Party Links and Services

Our Website may contain links to third-party websites, social media platforms, food delivery partners, and other external services that are not operated by us. These links are provided for your convenience and informational purposes only. We have no control over the content, privacy policies, or practices of any third-party websites or services and accept no responsibility or liability for them.

We strongly encourage you to review the privacy policy of every third-party website or service you visit before providing any personal information. The inclusion of a link on our Website does not imply our endorsement of the linked website, its operator, or its privacy practices.

14. Do Not Track Signals

Some web browsers and devices allow users to enable a "Do Not Track" (DNT) signal that requests that websites not track your online behavior across different websites. Currently, our Website does not respond to DNT signals because a uniform technological standard for recognizing and implementing DNT signals has not yet been adopted by the digital advertising industry. However, you may opt out of certain tracking activities through the cookie management settings described in Section 8 of this Privacy Policy.

15. Your California Privacy Rights – Shine the Light Law

California Civil Code Section 1798.83, known as the "Shine the Light" law, permits California residents to request information once per calendar year about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to [email protected].

16. How to File a Complaint

If you have concerns about how we handle your personal information and you are not satisfied with our response to your privacy inquiry, you have the right to file a complaint with the relevant data protection or consumer protection authority. Below are key resources available to U.S. residents:

16.1 Federal Trade Commission (FTC)

The FTC is the primary federal agency responsible for consumer protection, including privacy matters, in the United States. You can file a complaint with the FTC at:

16.2 California Privacy Protection Agency (CPPA)

California residents may file complaints regarding potential violations of the CCPA/CPRA with the California Privacy Protection Agency:

16.3 State Attorney General Offices

Residents of other states may file privacy-related complaints with their respective state attorney general offices. We encourage you to consult the official website of your state's attorney general for the appropriate complaint filing procedures and contact information.

Before filing a formal complaint with a regulatory authority, we encourage you to first contact us directly at [email protected] so that we have the opportunity to address your concerns promptly and directly.

17. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or technological developments. When we make material changes to this Privacy Policy, we will notify you by:

  • Posting the updated Privacy Policy on our Website with a revised "Last Updated" date prominently displayed at the top of the page
  • Sending a notification to the email address associated with your account (if applicable) for significant changes
  • Displaying a notice on our Website homepage or through a banner alert

Your continued use of our Website and Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. If you do not agree with the revised Privacy Policy, you should discontinue use of our Services.

18. Contact Information for Privacy Inquiries

We welcome questions, concerns, and feedback about this Privacy Policy and our privacy practices. If you wish to exercise your privacy rights, request information about our data practices, report a potential privacy incident, or submit any other privacy-related inquiry, please contact our Privacy Team through any of the following means:

Company Chopt
Email [email protected]
Website chopt-meal.click
Response Time Within 30 business days of receipt

When contacting us with a privacy inquiry, please include your full name, email address, a description of your request or concern, and the state in which you reside (if applicable) so that we can process your request efficiently and apply the correct legal framework to your inquiry.

Summary: At Chopt, we are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information. We comply with applicable U.S. federal and state privacy laws, including the FTC Act and the CCPA/CPRA for California residents. If you have any questions or concerns about this Privacy Policy, please reach out to us at [email protected]. Thank you for trusting us with your personal information.

This Privacy Policy was last updated on June 9, 2026. Previous versions of this Privacy Policy are available upon written request.